# Any fsck program run by init
#
# Domain for the filesystem checkers (e2fsck and friends) that init and
# vold launch against block devices. fsck_exec is the label carried by the
# fsck binaries themselves; the neverallow rules at the bottom make it the
# only executable that may enter this domain.
type fsck, domain;
type fsck_exec, exec_type, file_type;

# /dev/__null__ created by init prior to policy load,
# open fd inherited by fsck.
allow fsck tmpfs:chr_file { read write ioctl };

# Inherit and use pty created by android_fork_execvp_ext().
allow fsck devpts:chr_file { read write ioctl getattr };

# Allow stdin/out back to vold
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };

# Run fsck on certain block devices
# These are the only block-device types fsck may open read/write. A type
# added here must not also appear in the neverallow list below, otherwise
# the policy fails to compile.
allow fsck block_device:dir search;
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
allow fsck dm_device:blk_file rw_file_perms;

# To determine if it is safe to run fsck on a filesystem, e2fsck
# must first determine if the filesystem is mounted. To do that,
# e2fsck scans through /proc/mounts and collects all the mounted
# block devices. With that information, it runs stat() on each block
# device, comparing the major and minor numbers to the filesystem
# passed in on the command line. If there is a match, then the filesystem
# is currently mounted and running fsck is dangerous.
# Allow stat access to all block devices so that fsck can compare
# major/minor values.
# Note this grants getattr only: fsck can stat every block device but can
# open/read/write only the types listed above.
allow fsck dev_type:blk_file getattr;

# Read access to /proc, needed for the /proc/mounts scan described above.
r_dir_file(fsck, proc)
# NOTE(review): the reason for rootfs directory read access is not stated
# here — presumably path lookup on the root filesystem; confirm with callers.
allow fsck rootfs:dir r_dir_perms;

###
### neverallow rules
###
# neverallow rules are assertions checked at policy build time: if any
# rule anywhere in the policy would grant one of the permissions below,
# the build fails rather than producing a policy that allows it.

# fsck should never be run on these block devices
# Denying read/write keeps fsck off the boot, recovery, system, metadata,
# frp, swap and root partitions and off vold's devices, so a bug or
# misuse of fsck cannot modify them.
neverallow fsck {
  boot_block_device
  frp_block_device
  metadata_block_device
  recovery_block_device
  root_block_device
  swap_block_device
  system_block_device
  vold_device
}:blk_file no_rw_file_perms;

# Only allow entry from init or vold via fsck binaries
# - only init and vold may transition a process into this domain
# - no domain may dynamically transition (setcon) into it
# - the only executable permitted as an entrypoint is one labelled fsck_exec
neverallow { domain -init -vold } fsck:process transition;
neverallow * fsck:process dyntransition;
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;

     56